How to use the parliament.UnknownActionException function in parliament

To help you get started, we’ve selected a few parliament examples, based on popular ways it is used in public projects.


github duo-labs / parliament / tests / unit / test_action_expansion.py View on Github external
def test_exception_bad_expansion(self):
        """Expect expand_action("s3:zzz*") to raise UnknownActionException."""
        raised = False
        try:
            expand_action("s3:zzz*")
        except UnknownActionException:
            # Only this exception type counts as a pass; any other
            # exception propagates and fails the test.
            raised = True
        # Fails when the call returned normally instead of raising.
        assert raised
github duo-labs / parliament / parliament / statement.py View on Github external
def get_privilege_info(service, action):
    """
    Look up a single action of a single service in ``iam_definition``.

    Given a service prefix such as "s3" and an action such as "ListBucket",
    return the matching privilege entry. Before it is returned, the entry
    gains two extra keys taken from the owning service:
    "service_resources" and "service_conditions".

    Both comparisons are exact string matches (``==``), so the caller must
    pass the prefix and action spelled exactly as they appear in the
    definition.

    The returned dict is the entry stored inside ``iam_definition`` itself,
    not a copy, so the two added keys persist on the shared definition and
    any later mutation by a caller is visible to subsequent lookups.

    Raises UnknownActionException when no entry matches. This includes the
    case where the service prefix itself is not present.
    """
    # Lazily narrow to the services whose prefix matches; iteration order
    # over iam_definition is unchanged.
    candidate_services = (
        entry for entry in iam_definition if entry["prefix"] == service
    )
    for service_info in candidate_services:
        for privilege_info in service_info["privileges"]:
            if privilege_info["privilege"] != action:
                continue
            # Attach the service-level resource and condition tables so the
            # caller gets them together with the privilege entry.
            privilege_info["service_resources"] = service_info["resources"]
            privilege_info["service_conditions"] = service_info["conditions"]
            return privilege_info

    message = "Unknown action {}:{}".format(service, action)
    raise UnknownActionException(message)
github duo-labs / parliament / parliament / statement.py View on Github external
location={"string": self.stmt},
                )
                return False

        # Expand the actions from s3:Get* to s3:GetObject and others
        expanded_actions = []
        for action in actions:
            # Handle special case where all actions are allowed
            if action == "*" or action == "*:*":
                # TODO Should ensure the resource is "*" with this action
                continue

            try:
                # Given an action such as "s3:List*", return all the possible values it could have
                expanded_actions.extend(expand_action(action))
            except UnknownActionException as e:
                self.add_finding(
                    "UNKNOWN_ACTION", detail=str(e), location={"unknown_action": action, "statement": self.stmt}
                )
                return False
            except UnknownPrefixException as e:
                self.add_finding(
                    "UNKNOWN_PREFIX", detail=str(e), location={"statement": self.stmt}
                )
                return False
            except Exception as e:
                self.add_finding(
                    "EXCEPTION", detail=str(e), location={"statement": self.stmt}
                )
                return False

        # Check the resources are correct formatted correctly